BianLian Ransomware IOCs - Part 5 - SEC-1275-1
Tags
| country: | Canada |
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 0707c882-26e0-4da8-b9d4-bed74168ff9f |
| Fingerprint | 6697d0e7c1bcf17b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 29, 2024, midnight |
| Added to db | Nov. 29, 2024, 7:02 a.m. |
| Last updated | Dec. 11, 2024, 12:08 p.m. |
| Headline | BianLian Ransomware IOCs - Part 5 |
| Title | BianLian Ransomware IOCs - Part 5 - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 12/2/19 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/8153/bianlian-ransomware-iocs-part-5/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 42 | cve-2022-37969 |
|
| Details | Domain | 1 | xred.mooo.com |
|
| Details | Domain | 3 | bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion |
|
| Details | Domain | 2 | freedns.afraid.org |
|
| Details | Domain | 1 | xred.site50.net |
|
| Details | File | 1 | ssllibrary.dll |
|
| Details | File | 1 | supdate.ini |
|
| Details | sha1 | 1 | a30fa98efc092684e8d1c5cff797bcc613562978 |
|
| Details | sha256 | 5 | 0c1eb11de3a533689267ba075e49d93d55308525c04d6aff0d2c54d1f52f5500 |
|
| Details | sha256 | 10 | 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43 |
|
| Details | sha256 | 6 | 40126ae71b857dd22db39611c25d3d5dd0e60316b72830e930fba9baf23973ce |
|
| Details | sha256 | 6 | 7b15f570a23a5c5ce8ff942da60834a9d0549ea3ea9f34f900a09331325df893 |
|
| Details | sha256 | 1 | ec6c4d70f0645ee38ca0fbc9dcbd4094c823c66475458453b4f1449f63eac0d6 |
|
| Details | sha256 | 1 | f67dd58463dd3788d494f1c354695060a7d2be303be52ef2575aa809f6349bd9 |
|
| Details | Url | 1 | http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 |
|
| Details | Url | 1 | http://freedns.afraid.org:1199/api |
|
| Details | Url | 1 | http://xred.mooo.com:1199 |
|
| Details | Url | 1 | http://xred.site50.net/syn/ssllibrary.dll |
|
| Details | Url | 1 | http://xred.site50.net/syn/supdate.ini |